CVE-2025-13223
Published Nov 17, 2025
Last updated a month ago
AI description
CVE-2025-13223 is a type confusion vulnerability in the V8 JavaScript and WebAssembly engine of Google Chrome. This flaw allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Google's Threat Analysis Group (TAG) discovered the vulnerability, confirming that an exploit for it exists in the wild. The vulnerability occurs when the V8 engine misinterprets data types, leading to memory corruption. Successful exploitation could allow attackers to bypass Chrome's sandbox protections and execute arbitrary code on a victim's system. To address this zero-day vulnerability, Google released an emergency update for the Chrome Stable channel.
- Description
- Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- Source
- chrome-cve-admin@google.com
- NVD status
- Analyzed
- Products
- chrome
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Google Chromium V8 Type Confusion Vulnerability
- Exploit added on
- Nov 19, 2025
- Exploit action due
- Dec 10, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
#VulnerabilityReport #browsersecurity Google Patches Actively Exploited Chrome Zero-Day Flaw (CVE-2025-13223) in Emergency Update https://t.co/nFvncRb6mP
@Komodosec
24 Dec 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Kritikus zero-day sebezhetőséget javítottak a Chrome 142-es frissítésében A Google hétfőn publikálta a Chrome 142-es frissítését, egy már aktívan kihasznált zero-day sérülékenység javítására. A CVE-2025-13223 azonosítón nyomon követett, a V8 JavaScript-
@linuxmint_hun
2 Dec 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
After analyzing 89% of vulnerabilities from past week, CVE-2025-13223 has 82 articles published from different internet sources, no other cve has these many articles. More information here: https://t.co/SyyDujjO8C #vulnerability #CyberSecurity #ThreatIntel #CVE #SecurityAlert
@stooee_
29 Nov 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
After analyzing 89% of vulnerabilities from past week, CVE-2025-13223 has 82 articles published from different internet sources, no other cve has these many articles. More information here: https://t.co/SyyDujjO8C #vulnerability #CyberSecurity #ThreatIntel #CVE #SecurityAlert
@stooee_
28 Nov 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Chrome Zero-Day aktiv ausgenutzt! Google fixt eine kritische Lücke (CVE-2025-13223) in der V8-Engine. Schon der Besuch präparierter Websites kann Schadcode ausführen. updaten! ➡️ Chrome 142.0.7444.175+ installieren & Browser neu starten. #CyberSecurity #ZeroDay #
@HanseSecure
28 Nov 2025
153 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome のゼロデイ脆弱性 CVE-2025-13223/13224 が FIX:積極的な悪用を観測 https://t.co/5oP4VB4Rf4 Chrome のゼロデイが悪用されていた原因として、V8
@iototsecnews
28 Nov 2025
149 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚩 Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day https://t.co/X7ngIZdqI3 Google patched a type-confusion vulnerability in the V8 JavaScript/WebAssembly engine (CVE-2025-13223, CVSS 8.8) that is already being exploited in the wild to run arbitrary code
@Huntio
26 Nov 2025
1176 Impressions
3 Retweets
9 Likes
3 Bookmarks
0 Replies
0 Quotes
A zero-day Chrome/Chromium flaw CVE-2025-13223 (CVSS 8.8) is being actively exploited. The V8 engine bug lets attackers compromise systems via malicious pages. Our blog shows how Wazuh detects this threat. Read more: https://t.co/R9lHKKUuHw #InfoSec #OpenSource #CyberSecurity
@wazuh
26 Nov 2025
659 Impressions
13 Retweets
22 Likes
3 Bookmarks
0 Replies
0 Quotes
Google Chrome just got patched against a critical zero-day, CVE-2025-13223, that’s already being actively exploited 📷 One wrong click or just visiting a malicious page could let attackers run arbitrary code on your machine. Update Chrome immediately (desktop & Linux / m
@connecti
26 Nov 2025
45 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Multiples vulnérabilités dans Google Chrome (18 novembre 2025) — De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur. Google indique que la vulnérabili
@RotateKeys
26 Nov 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google publica una corrección de seguridad para la vulnerabilidad de día cero de Chrome V8 explotada activamente. La vulnerabilidad en cuestión es CVE-2025-13223 (puntuación CVSS: 8,8). #ciberseguridad #cybersecurity https://t.co/MP6rQEkvZg
@EHCGroup
25 Nov 2025
8 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Google Chrome CVE-2025-13223 Zero-Day Exploitation [High] Nov 24, 2025 Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #ThreatIntelligence #CyberSecurity #Innovation #LLM #CyberSecurityWarning https://t.co/GRXm9QTlty
@transilienceai
24 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
What if your browser quietly handed control to a hacker while you scroll? That’s happening right now. A flaw in #Chrome’s #JavaScript engine, V8, called CVE-2025-13223, is already being used. No one knows how many devices are already hit. https://t.co/YTlTZEijxk
@v_shakthi
24 Nov 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Chrome CVE-2025-13223 is actively exploited.Your logs know what happened.But can you see them?Syslog to ELK gives you: → Real-time threat detection → Centralized visibility → Instant log correlation https://t.co/XU7viLnsK6 #Cybersecurity #ELK #SIEM #ThreatDetection ht
@suniltiwari4509
24 Nov 2025
32 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
2 Quotes
Chrome使ってる全員に告ぐ⚠️ CVE-2025-13223 = Webサイト閲覧だけで感染 = すでに攻撃で悪用中 = 34億人が標的 対策してない人、マジでヤバい。 ▼9割が知らない5つの緊急対策 https://t.co/gGPUSJxcgn
@Uriuri_Lecturer
23 Nov 2025
30 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
昨日まで「セキュリティなんて面倒」 って思ってた人へ CVE-2025-13223を知ったら 考えが180度変わると思います。 普通にネット見てただけなのに 気づいたらパソコン乗っ取られてる… そんな悪夢が現実に起
@Uriuri_Lecturer
23 Nov 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Come on @openai @perplexity_ai why can't I find any information about CVE-2025-13223 with respect to Comet nor Atlas? Seems likely both are vulnerable, but no indication either has been patched, and I can't find any statement saying you're not vulnerable and why.
@scode
22 Nov 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome users, heads up: a critical V8 flaw (CVE-2025-13223) is now on CISA’s Known Exploited list. Hackers can use it to corrupt memory and run code. If your business runs Chrome, patch it now before they patch you. https://t.co/pY45tTUPJX #CyberSecurity #ClickSmart
@lowcountrycyber
21 Nov 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔐 Critical #openSUSE Chromium Patch Alert The latest Chromium update for openSUSE addresses two significant vulnerabilities: CVE-2025-13223 and CVE-2025-13224. Read more: 👉 https://t.co/Gcg4bxo368 #Security https://t.co/LFMSdMjuFj
@Cezar_H_Linux
21 Nov 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Important Security Alert for #openSUSE Users 🚨 A mandatory Chromium update is available to address critical type confusion bugs in the V8 JavaScript engine (CVE-2025-13223 & CVE-2025-13224). Read more: 👉 https://t.co/uHChIv5DrA #Security https://t.co/JK9retc6VU
@Cezar_H_Linux
21 Nov 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CISA ostrzega przed aktywnie wykorzystywaną luką 0-Day w Google Chrome (CVE-2025-13223) w silniku V8. Błąd typu „type confusion” umożliwia zdalne wykonanie kodu. Google załatało problem 19.11.2025 - zaktualizuj Chrome do wersji 131.0.6778.72 lub nowszej. @Zaufana3
@CyberScopePl
21 Nov 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Important security update: @opera, @operagxofficial, Opera Air, and Opera for Android have received a security fix for the latest zero-day vulnerability in Chromium: CVE-2025-13223. Update now to the latest versions: Opera One (124.0.5705.42) Opera GX (124.0.5705.38) Opera Air
@Opera_Security
20 Nov 2025
94 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Important security update: @opera, @operagxofficial, Opera Air, and Opera for Android have received a security fix for the latest zero-day vulnerability in Chromium: CVE-2025-13223. Update now to the latest versions: Opera One (124.0.5705.42) Opera GX (124.0.5705.38) Opera Air
@Opera_Security
20 Nov 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome exploit is live and on CISA’s radar. CVE-2025-13223 lets attackers run code via V8 engine flaws—translation: your browser could become their playground. SMBs, update Chrome now or risk getting burned. https://t.co/pY45tTUPJX #CyberSecurity #BrowserSecurity
@lowcountrycyber
20 Nov 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CISA Warns of Google Chrome 0-Day Vulnerability Exploited in Attacks Source: https://t.co/DCXNg2QE6x CISA has issued an urgent alert about a zero-day vulnerability in Google Chrome, actively exploited by threat actors. CVE-2025-13223 is a flaw in the Chromium V8 JavaScrip
@The_Cyber_News
20 Nov 2025
6971 Impressions
46 Retweets
139 Likes
38 Bookmarks
1 Reply
2 Quotes
米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。 🛡️No.1464 CVE-2025-13223 Google Chromium V8 Type Confusion Vulnerability ============= CVSSスコア: 8.8 (Base) / CISA-ADP CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 種別:型
@piyokango
20 Nov 2025
4203 Impressions
2 Retweets
11 Likes
1 Bookmark
0 Replies
0 Quotes
Alerta de Seguridad: Google Lanza Parche Crítico para un ‘Zero-Day’ en Chrome Explotado Activamente (CVE-2025-13223) https://t.co/MMJaraOtMB #CiberSeguridad #Internet #Noticia #Tecnología vía @unaaldia https://t.co/mBBbX3IQW3
@Securizame
20 Nov 2025
220 Impressions
1 Retweet
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Google urges 2 billion Chrome users to install an emergency update for a critical “type confusion” flaw (CVE-2025-13223) already being exploited. Fully restart your browser to stay protected. #etimes #etimespakistan #news #GoogleChrome #ChromeUpdate #CyberSecurity #TypeConfus
@eTimesPakistan
20 Nov 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Another Zero-Day in Chrome – This is the 7th one in 2025! 🚨 Google just emergency-patched CVE-2025-13223 – a critical type confusion flaw in V8 that is already being exploited in the wild. Attackers can trigger heap corruption and potentially run code on your machine
@42sudhir
20 Nov 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warnt vor aktiv ausgenutzter V8-Schwachstelle in Google Chrome - Da bereits funktionierende Exploits für CVE-2025-13223 kursieren, sollten Unternehmen und Endnutzer Chrome schnellstmöglich aktualisieren. https://t.co/Ft0SMSuZYb #Google #patch
@KolaricDav5471
20 Nov 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome users in SEA, update now! Google patches seventh zero-day CVE-2025-13223 actively exploited in the wild. #thisisgamesea https://t.co/6sp5GTFakW
@ThisIsGameSEA
20 Nov 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ZDNetによると、Google ChromeのV8エンジンに新たなゼロデイ脆弱性「CVE-2025-13223」が発見され、悪意あるHTMLでメモリー破損を引き起こし、既に攻撃が確認されています。緊急のアップデート(Windows/Linux版142.0.7444.17
@NewsBrowseJP
19 Nov 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #Google Chrome V8 Flaw #CVE-2025-13223 Added to CISA’s Exploited Vulnerabilities List https://t.co/I17CR7ucJt
@UndercodeNews
19 Nov 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google、Chromeを緊急アップデート-サイバー攻撃への悪用が確認されている複数の脆弱性を修正(CVE-2025-13223,13224) https://t.co/kx37s7uCxz #セキュリティ対策Lab #セキュリティ #Security
@securityLab_jp
19 Nov 2025
122 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISAが既知の脆弱性1件をカタログに追加 CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Nov 19) CVE-2025-13223 Google Chromium V8 の型混乱の脆弱性 https://t.co/FsZVjdfSDu
@foxbook
19 Nov 2025
291 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability 🚨💥 Google releases security update for Chrome to fix two active exploitation vulnerabilities, including CVE-2025-13223 (CVSS score: 8.8). Type confusion vulnerability in V8 JavaScript and ht
@HackonomicNews
19 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-13223: Google Chromium V8 Type Confusion Vulnerability has been added to the CISA KEV Catalog https://t.co/9idGUAHIKd CVSS: 8.8
@DarkWebInformer
19 Nov 2025
3225 Impressions
3 Retweets
10 Likes
2 Bookmarks
0 Replies
0 Quotes
Another Chrome zero-day (CVE-2025-13223), already under attack, just got patched. If your team’s still dragging their feet on updates, your data’s on the line. SMBs: push that Chrome update now or risk a breach. https://t.co/1srQPUdULW #CyberSecurity #PatchNow
@lowcountrycyber
19 Nov 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Google Chromium V8 type confusion vulnerability CVE-2025-13223 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/U7AVLgtbXD
@CISACyber
19 Nov 2025
7547 Impressions
23 Retweets
51 Likes
8 Bookmarks
1 Reply
0 Quotes
Heads up, Google pushed a critical Chrome update for a zero-day (CVE-2025-13223) in its V8 JavaScript engine, and it's already being exploited in the wild. If you’re still on an old build, update Chrome right now before someone else takes advantage. (Source:
@TechTal3s
19 Nov 2025
28 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome has released an emergency update to fix its 7th zero-day vulnerability (CVE-2025-13223) this year, a type confusion flaw in the V8 JavaScript engine. Update to version 142.0.7444.175/.176. https://t.co/VoGPN30Weq
@Jfreeg_
19 Nov 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zero-Day explotado activamente en navegador Google Chrome V8 Google corrigió dos fallos críticos en V8, incluyendo la vulnerabilidad CVE-2025-13223, que ha sido explotada activamente https://t.co/S60OQd3cdH… https://t.co/t4HyaDaiWr
@teamsixinvestig
19 Nov 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zero-Day explotado activamente en navegador Google Chrome V8 Google corrigió dos fallos críticos en V8, incluyendo la vulnerabilidad CVE-2025-13223, que ha sido explotada activamente https://t.co/JZYa3V9FJ6 https://t.co/ENDOVtK8vu
@elhackernet
19 Nov 2025
3827 Impressions
14 Retweets
51 Likes
6 Bookmarks
0 Replies
0 Quotes
🚨 New Chrome Zero-Day (CVE-2025-13223) — One tab is all it takes. Actively exploited. Used for real-world attacks. I break down the full exploit chain + sandbox escapes (Mojo & ANGLE/GPU) in today’s episode of 🧠 System Fracture. Watch here 👉 https://t.co/oe9U9vED
@PBSech
19 Nov 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Upozorňujeme na aktivně zneužívanou zranitelnost v Google Chrome, CVE-2025-13223. Upozornil na ni i Google a je způsobená špatným typováním ve V8 JavaScript Engine. Tato chyba umožňuje vzdáleným útočníkům zneužít poškození paměti pomocí speciálně vyt
@GOVCERT_CZ
19 Nov 2025
448 Impressions
1 Retweet
5 Likes
0 Bookmarks
1 Reply
0 Quotes
Alerta de Seguridad: Google Lanza Parche Crítico para un ‘Zero-Day’ en Chrome Explotado Activamente (CVE-2025-13223) https://t.co/EDVODXeBIW
@unaaldia
19 Nov 2025
437 Impressions
2 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
【リンク集:2025年11月18~19日のセキュリティ関連ニュース/記事】 <脆弱性> ・Fortinet、攻撃で悪用された新たなFortiWebゼロデイについて警告(CVE-2025-58034) https://t.co/WNrLUQ51os ・Chrome 142、悪用されたゼロデイ
@MachinaRecord
19 Nov 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Fortinet、攻撃で悪用されている新たなFortiWebのゼロデイについて注意喚起:CVE-2025-58034 🔨Google、攻撃で悪用されているChromeのゼロデイを修正:CVE-2025-13223 〜サイバーアラート11月19日〜 https://t.co/9SZ3rqgUJP #
@MachinaRecord
19 Nov 2025
162 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google、ChromeのV8ゼロデイCVE-2025-13223を修正 https://t.co/x0ifcIiQW6 #Security #セキュリティー #ニュース
@SecureShield_
19 Nov 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 Google released security updates for Chrome addressing two flaws including an actively exploited zero-day CVE-2025-13223! #Security #Chrome #Vulnerability Check it out here: https://t.co/zaa2X5HajM
@JamaalChalid
18 Nov 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A3F3CAD1-884B-471E-8FDF-F42DA3DC356E",
"versionEndExcluding": "142.0.7444.175"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]